package jdbc;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

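/**
 * Demonstrates a precompiled (parameterized) statement as the defence against SQL injection.
 *
 * <p>The username and password are bound through {@link PreparedStatement#setString} instead of
 * being concatenated into the SQL text, so whatever the input contains it stays data and cannot
 * alter the structure of the query. Connection, statement and result set are all closed by
 * try-with-resources.
 *
 * <p>NOTE(review): the demo compares the {@code password} column directly in the WHERE clause,
 * which only works if the table stores passwords in clear text. Outside a demo, the column would
 * hold a salted password hash and the comparison would be done in application code.
 */
public class JDBCDemo7 {

    /**
     * Looks up one user by username and password and prints whether the login succeeded.
     *
     * @param args ignored
     * @throws RuntimeException wrapping the {@link SQLException} when obtaining the connection,
     *         preparing or executing the statement fails
     */
    public static void main(String[] args) {
        // The two '?' placeholders are filled by the driver; the SQL text itself never changes.
        String sql = "SELECT id,username,password,nickname,age "
                + "FROM user "
                + "WHERE username =? AND password=?";

        // Statement is a resource too: declaring it here guarantees close() even on an exception.
        try (Connection connection = DBUtil.getConnection();
             PreparedStatement ps = connection.prepareStatement(sql)) {
            ps.setString(1, "张三");
            ps.setString(2, "123456");

            // ResultSet gets its own try-with-resources so it is released before ps is closed.
            try (ResultSet rs = ps.executeQuery()) {
                if (rs.next()) {
                    System.out.println("登录成功");
                } else {
                    System.out.println("登录失败");
                }
            }
        } catch (SQLException e) {
            // Keep the cause chained so the driver's diagnostics are not lost.
            throw new RuntimeException(e);
        }
    }
}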
